1. Field of the Invention
This invention relates to storage media and more particularly relates to implementing protected partitions in storage media.
2. Description of the Related Art
The explosion of data created by e-business is making storage a strategic investment priority for companies of all sizes. As storage takes precedence, a major concern has emerged: the need to archive data in a non-rewritable and non-erasable manner. This need is based in part on the need to meet the legal requirements of the management of financial data, such as required by the Securities and Exchange Commission and HIPPA, as well as the archival of court records, customer records, and other long-lived information. Traditionally, optical media has been used to store date in non-rewritable and non-erasable form. Non-rewritable and non-erasable data may also be referred to as reference data, fixed content data, or Write Once Read Many (WORM) data.
Information technology providers are increasingly migrating WORM data to disk based storage subsystems due to the constantly dropping price and increasing storage capacity of the disks in the storage subsystems. A disk based storage subsystem may be part of a Storage Area Network. The Storage Network Industry Association (SNIA) defines SAN as a network whose primary purpose is the transfer of data between computer systems and storage elements. A SAN may comprise a communication infrastructure, which provides physical connections; and a management layer, which organizes the connections, storage elements, and computer systems so that data transfer is secure and robust. A SAN may also include a storage system comprising storage elements, storage devices, computer systems, and/or appliances, plus all control software, communicating over a network.
Commonly, a storage area network includes a plurality of storage devices, such as tape drives or hard disk drives, connected with a storage or disk controller. The disk controller is generally a server that is configured to process read/write requests from hosts or client machines. The hosts may be running a variety of operating systems such as Windows, Linux, UNIX, AIX, zOS, etc. In large computing environments, the storage area network is an ideal solution for providing large amounts of storage and scalable server or storage controller performance.
Typically, in a storage area network environment, a host requests data from the disk controller. The disk controller then retrieves the data from the particular storage device that contains the requested data, often referred to as a home location. The disk controller then sends the data to the host. If the host modifies the data, the data is sent back to the disk controller which returns the modified data to the home location. Typically, the host awaits a response from the disk controller indicating the read or write operation has completed. The home location often takes the form of a partition on the disk drive. A partition further comprises at least one unit of storage of fixed size, or at least one unit of storage of variable size. In one embodiment, the unit of storage of fixed size is a logical block address (LBA).
The disk controller may also provide functions such as the ability to provide access by heterogeneous servers, data caching, data availability features such as various RAID implementations and clustering, scalability, virtualization of devices, replication services and non-rewritable and non-erasable storage (WORM). WORM functionality is usually provided by microcode residing outside the storage device or disk drive, such as in the disk controller, which prevents modification, deletions, and additions to the data stored on disk drives. The disk drive is usually integrated and enclosed in the subsystem and cannot be removed. A storage subsystem providing WORM functionality is also referred to as WORM storage subsystem.
Even though WORM storage subsystems are becoming more and more accepted as a legal means of archiving reference data, there remains a security concern: the data on the disk drive is inherently rewritable and erasable. The only protections preventing the alteration or deletion of archived data are provided by the controller microcode, which does not allow modifications or deletions, and the physical protection of the disk drives, which are enclosed in a lockable rack or cabinet. When a disk drive is removed from the storage subsystem the data on that disk drive is no longer secure and may be overwritten, deleted or otherwise manipulated. To prevent this, the data can be formatted in a special way to make the alteration of the data more difficult, however, it is still possible to decode the format and manipulate the data. This puts the integrity of the archived data at more risk than in the past, when the physical nature of the medium provided a natural barrier to the modification of the data. Furthermore, current WORM systems typically depend on proprietary interfaces to the host computer or disk controller, which may introduce problems with the existing information technology infrastructure.
From the foregoing discussion, it should be apparent that a need exists for an apparatus, system, and method that implements protected partitions in hard disk drives. Beneficially, such an apparatus, system, and method would utilize a standardized interface and not require proprietary hardware or interfaces.